Getting forked by Microsoft (philiplaine.com)

They want you to be intimidated by their reputation because it's easier if you make concessions first hoping to get some benefit later. Keep in mind, these are business people and they're very good at it (otherwise they wouldn't be giants). The benefit will never materialize. Working for free just means it was an easy win and you left money on the table.

Do not work for free. Large companies have a shit ton of money. All you need to do is provide an economical argument in the form of your rate (which should take into account their expenses for having an employee / team work on it instead, hint: 2 x total compensation). Getting paid is just a matter of the guy who reached out to you to talk to his skip manager to get a verbal 'ok', and then the accounting department takes care of it. They're not going to pass on you just because you asked to be paid for your time - a business is used to paying for services. If they do pass on you without even negotiating your rate, then they were definitely not serious and nothing good would have come out of it for you.

Source: dev working at FAANG with 3rd party companies.

And as you illustrated, for a one-off project, rate doesn't really matter. It just needs to get approved by someone senior enough, who will ask "Do we have anyone in-house that knows this?" and "How much will it cost to do all this ourselves?"

If the answer to the first question is "No" then you'll be very cheap compared to the second answer no matter how much you cost.

I always tell this cautionary tale when talking to friends turned founders. I was going to a 1-1 with a Director (Bob) in a FANG company. As I was walking to his desk, another Director and a Senior Director (Gus) called out to him that the meeting was starting and he should join -- he asked me to come along and tell him my thoughts.

It was a sales call with a 2-person tech company building some tools in the cloud native space. They were super eager, walking through the product. My manager put the phone on mute and asked "So what are we trying to do here" to the other directors. They replied "We just want to kick the tires to figure out how they built it, we're not going to buy". They let these guys pitch for 20 minutes, periodically asking questions and then muting to mock them. My manager nudged me to ask something, since I ran a similar initiative internally. I asked how they would handle a gnarly case we had and they didn't have a solution yet, but could come up with one (super eager, wanted the deal).

At the end of the call, Gus un-muted the phone and said "This looks great but I'm having a hard time following the demo. Can you fly out and show us in person?". The sellers paused and then started asking when the other was free etc, one was going on vacation but could "make it work" to come out the next week. Gus replied "Great, see you next week".

I left that meeting realizing they were all psychopaths. Notably, Gus had the charism of Gus Fring from Breaking Bad.

This article and your comment reminds me of the story about winget/appget https://medium.com/@keivan/the-day-appget-died-e9a5c96c8b22

Note - maybe they don't pay you the developer sometimes, however.

I worked for them for six months just to help them collaborate with Mozilla, about 20 years ago. They will absolutely pay.

> Don't work for free.

I may encounter this situation some day. Could you share how you structured your fees (and give the hourly rate you charged them :P) ?

They definitely will open the checkbook pretty quick for small, well-defined projects like this. Stuff where they don't want to waste their internal resources; stuff that has an end game, like "build this complete widget and then go away."

> There was a little grumbling about the rate but I just reiterated that it was my rate.

Would you be willing to share what your rate was? I think it'd be useful for other FOSS maintainers to get a better understanding of their worth.

They got a good deal; a ready-made solution (at least suitable for some real-world purposes similar to, if not quite theirs) for the price of 2 days of consulting.

A good reminder that we're allowed to value our time and expertise, especially when dealing with companies that can pay but often hope you'll give it away for free in the name of "collaboration."

Now that you got caught you are fixing it and writing fancy PR fluff. An org the size of MS should have clear policies and processes of how to handle open source forks like this. Unless we assume “bad faith” here. This is a pretty bad look.

I wonder how many other projects are not attributed correctly. Are you checking up on them also or just waiting for the next HN post?

That said, the author of Spegel should have used another license if he wanted more “recognition” or the like.

> but we failed to give you the attribution you, that was a mistake and I’m sorry.

In other words: there exists some responsible person at Microsoft who violated the copyright (yes, removing the attribution is also a copyright violation!) for Microsoft.

In consideration how Microsoft has been treating copyyright violators for decades, if Microsoft does not give this responsible person the same crual treatment, it should be considered an honest, clear, implicit official statement from Microsoft's side that they are perfectly fine if hackers violate all of Microsoft's copyright. In other words: it means that all of Microsoft's software now (spiritually!) will become public domain.

Also, if Microsot does not make make this responsible person pay the caused damage from their own pocket to the original author of Spegel with the same monatery magnitude as if Microsoft would sue other entities for a violation of copyyright of Microsoft's software, the same statement applies.

Kudos for stepping in here, but I think the team at Microsoft need to do some more investigation, no?

Microsoft is a large, wealthy corporation has a big target painted on its back, and, consequently, CELA (corporate, external, and legal affairs) are, for good reason, a very strong force inside Microsoft. You can't just grab some code from someplace at Microsoft. Your PM has to run it past your division's CELA rep, look at the terms, assess exposure, etc. Did that happen?

If not, that's a big hole and you should probably beg forgiveness from them as you ask for an audit of every other piece of code you've picked up.

If it didn't happen, well, I suspect someone in your group just became the new Nelson, the hapless developer, in Microsoft's Standards of Business Conduct videos. You really don't want to be Nelson.

> When you spoke with our engineers about implementing artifact streaming you said it was probably out of scope for Spegel at that time, which made sense.

It seems like it would have been a much better strategy to add artifact streaming, submit a pull request and then if the maintainer isn't interested in adding it, proceeding with a fork.

"Probably out of scope" sounds like "I dont have time to implement a feature of that scope"

I think this is a good case for applying Hanlon's Razor. The person that did the forking and removal of copyright text may simply not know that it needed to stay there.

I would love to know what processes MS is considering to prevent this in the future as well as what kind of auditing might be done to look at other projects that started as forks.

Not good enough. All previous commits still infringe Spegel's copyright, given they are still available and distributed. I would assume the point release also infringes copyright.

You are Microsoft. You can do better.

> We hear you loud and clear ..

oh, corporate wording. so you do not really care :D

What about the allegations that people in MS did this for personal gains? Will there be any lessons learned from this?

I might not be up to speed, is naming this behaviour "source of inspiration" a common industry term to accurately represent an unacknowledged fork by the large company over the small?

It seems an option to not take free labour to build a commercial cloud largely as a wrapper of open-source, and maybe find other ways to support the creators.

If one person's labour is that valuable to a company, maybe it will help someone realize that supporting such individuals monetarily might help create the next thing with time that they can't get to today.

Give him a share of the money you make off of it.

These practices have been an ongoing matter since 1975.

Send a big fat cheque to him.

Considering how Microsoft behaved regarding copyright violations in the past, the original author should at least ask damages in court.

We could even crowdfund the lawsuit, I am sure he will win.

Hey how about doing the right thing first time next time instead of waiting until you get ass-blasted on social media?

yea, sure. but at least pay him for the "discussion". also, next time you people approach opensore maintainers, pay them for their time.

Maybe as a show of good faith you could send the original creator 10 or 20k usd as a thank you. Talk is cheap

Do better next time, eh?

[flagged]

Just because the shareholders didn't vote on it, or an exec didn't explicitly say "hey steal this" does not absolve the company. Leadership doesn't get to throw up their hands and say "not my fault" when something bad happens.

It is ultimately the responsibility of the company and its people to create a system where things like this are discouraged or prohibited. Not doing so is tacit approval, especially in this case where they have a significant history of doing the same thing.

Yeah, but Microsoft's response to this will actually be a company official position.

It's a space to keep watching.

> More likely, this is a way for someone to get ahead in their career at Microsoft by passing off a successful open source project as their own accomplishment.

No, it was a whole team at MSFT: https://news.ycombinator.com/item?id=43755745

It's my personal experience that toxic behaviour is tolerated (and even encouraged) by toxic leadership.

Whilst there are always bad apples in a big company, a good company stamps out bad behaviour as soon as it becomes aware of it.

Licenses don’t matter and are rarely challenged in court.

This is the nature of OSS. Out right theft in hopes you will never know until it’s too late.

Very rarely do large corporations contribute their fair share back to any project.

Does this make me money and/or solve a problem quickly? Fork it and it’s mine.

Until we stop giving money to large corporations that profit off the free work of others, then it will never stop.

And it won’t because we like low cost solutions that work.

I think it’s a bit charitable to assume that something published under an official Microsoft public channel wouldn’t have some sort of legal review, at least for the initial publication.

They created the atmosphere that encourages or even necessitates shenanigans like these. Absolutely blame the corporation

It says "copyright microsoft" in that license file. Just because THAT file is MIT is irrelevant. They didn't retain the original license file. They should have APPENDED to it, keeping the original copyright holder name, otherwise it's just blatant copyright infringement that coincidentally is released under the same license.

Just the absence of a license generally means the creator has all right reserved by default. You don’t need a license in every file because in much of the world copyright is given by default to the creator. A licensed file is permission to do something with that copyright material.

> but you never put copyright notices in your files.

I thought having a LICENSE file in the project's root directory was sufficient. Is it not the case?

If they forked from before the author had a license, it’s worse. MS had no right to use it.

I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.

> Don't use one of the most permissive licenses in existence

Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.

And there is not only the GPL. MPL and EUPL are great, too!

> somehow the GPL seems to have gone out of vogue.

Which GPL is that? The GPL 2 and 3 are incompatible with each other, making cross contribution between different FOSS projects practically impossible. The "v2 or later" licensing model does nothing to remedy the problem. See Rob Landley's talk on this topic.

> My personal thought is that we need a new kind of license: community open source. No corporations, just community.

You are going exactly against the OSS philosophy. OSS shouldn't restrict the use of software just because you don't like it. It was created to fight exactly this. This is also why source available BS (like BSL) is against OSS. OSS is literally about being about hacking and changing software to suit your needs. It was never about the money part. You should create your software as proprietary if you are SO bothered with OSS. And you can always donate and contribute back to the OSS software you use. I don't think butchering OSS philosophy is the way.

The problem here is license illiteracy. Even I who for a while used to think I understood a lot about OSS license just had a doubt now:

When you fork, do you retain the copyright part? Copyright (c) 2024 The Spegel Authors

That is what we need to fix.

The k8s community is mostly people who work for commercial interests and use k8s in their companies. If you develop a component of the k8s ecosystem, and you want people to use it, you can't really exclude businesses from using it. There just aren't enough installations outside of commercial spaces for it to be relevant.

> The problem is that when a corporation like Microsoft does this, they harm our community

What is this "our community"? My releasing something under the MIT license doesn't mean I'm part of whatever community you're invoking. It means I'm releasing something with an MIT license. That's it.

I certainly don't want to give companies like MS a "pause" before they decide to fork my project. I'm explicitly telling them they can do that. I absolutely do not want them to be hampered by notions of "What will this action look like?"

Don't impose your values on other people's use of my software.

The license would no longer be open source if you limit use to only community.

See "6. No Discrimination Against Fields of Endeavor" in The Open Source Definition https://opensource.org/osd

> My personal thought is that we need a new kind of license: community open source. No corporations, just community.

It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/

Hard to word that language to prevent a corporation from forking it, as you have to "fork" the project locally to make modifications and send patches back. I'm sure nobody here wants to stop a random engineer at a corporation from contributing to a community project?

If you want a corporation to avoid it like the plague, just make it GPLv3. If you really want to screw them, go with AGPLv3. This way you keep a true open source license, but don't have to worry about corporate control.

Just thought I'd mention something...

Free Software (like GPL) has the philosophy that you can USE the software for any reason. The rights are for the USER. The responsibility kicks in when you redistribute the software. It ensures that you preserve the same freedoms you received when you pass it on.

But if you restrict USING the software, it's not free software anymore.

Who is going to be able to afford to enforce such a (not Open Source) license against the corporations who will inevitably violate it? The GPL is already violated very commonly but is very rarely enforced, although Conservancy are trying to make that easier, but their precedent-setting lawsuit against Vizio is taking years to get to trial.

https://sfconservancy.org/copyleft-compliance/vizio.html

It already exists:

https://polyformproject.org/licenses/small-business/1.0.0/

https://writing.kemitchell.com/2022/01/26/Big-Time-2.0.0

Eh, just use the (L/A)GPL. It's already well understood and established; humans and well-meaning businesses can use the software ethically; corps won't use it even though they could because their intellectual property lawyers don't understand how intellectual property works.

Does this exclude anyone who works for a corporation from contributing? I think the obvious answer is no, as long as someone is working in their own interests, but it would be very hard to establish. After all, Linus worked for the Transmeta Corporation during some of Linux's most seminal years.

Yup. But then you also limit the usage of your software in enterprises which do not try to compete with you. There are a number of licenses which tried to solve this exact problem (cloud protection licenses / fair licenses / ...), for example Commons Clause, but community usually doesn't accept them nicely, at least I don't know of a case where they were welcomed. Not sure why, maybe because most of such projects go from FOSS to fair license instead of starting with one? Anyway, to me it looks like opensource licenses nowadays serve mostly the interests of Big Tech and not those of regular users.

But what is the practical difference between that and Spegel's situation? Where is the deterrent?

Microsoft is currently violating the license, and the author's recourse is this HN post.

You can get pretty close with a copyleft license like GPL.

How about post-open license? https://postopen.org/

I think a lot of people in the OSS world are feeling this tension more acutely now.

I think it's weird they didn't mention anything about Peerd or their plans on how to use Spegel to the author. They could've atleast said "btw we plan to do xyz" instead of leaving the author fantasizing about a collab.

No legal basis. They still might have an ethical basis regarding Microsoft's behavior, because law != ethics.

The author said that in the last line.

Highlight the part of the essay where he is claiming MS didn't have a right to do what they did.

The point of the article was that MS showed interest in his work, asked him about his designs. Said nothing about internal plans to fork it or use it. Then he shows up to a talk and sees them discussing his work.

Reading between the lines, it is 100% clear they didn't feel like telling him they planned to fork his software, and they danced around it. They didn't reach out to him afterward and say "thanks, we are building a fork and your free time was really useful".

The essay isn't claiming a legal issue. It's pointing out a substantial, practical issue with OSS that didn't exist nearly as prominently in the pre-cloud era: megacorps forking software and cutting out the OG developers.

Did they complain about anything else?

> I suspect that what's happening internally (at Microsoft) is that someone's leveraging your work towards their next promotion packet.

It just so happens that the Microsoft engineer who originally changed the license in GitHub went from Senior to Principal engineer at Microsoft in the past two months (according to LinkedIn). So you probably aren't far off.

The commit histories for the LICENSE files in the two repositories are rather interesting. The original author placed a single copyright notice in that file. Microsoft on the other hand published it with their copyright notice and a Apache 2.0 license in place of the original copyright notice and MIT license. They also put copyright Microsoft and license apache 2.0 headers on all files. They then changed the Apache 2.0 license to MIT, but left their copyright notice in place of the original copyright notice in LICENSE:

https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...

Unless they forked a very early version that did not even have the LICENSE file, such that they never removed the original notice, this looks like copyright infringement to me. That said, I am not a lawyer.

That was my initial guess as well. I am glad that the author chose to take a high ground instead of naming and shaming the people behind this egregious act.

It might be just a decision to own the code as it probably ends up in production, e.g. run codeql and other tools to scan it, have controlled releases and limit access to the repo. They might have had some other stuff to change and did not want to bother doing it in the original repo with unexpected timelines from the repo owner. A fork is a logical step for a company.

We need an updated/modernized AGPL that more explicitly delineates what is dependent software. SSPL is probably too far, but it has the right idea.

AGPL without CLA, to be precise. AGPL with CLA is a trap.

I agree with this. It seems to be one of the licenses out there that scares the big three cloud providers.

I dont see how that would’ve helped with authors complaints in this case

LGPL is sufficient (without the extra baggage of AGPL).

I have to say every thing mentioning the license or GPL or variants is getting instantly downvoted. Not a good look HN.

[flagged]

Whenever I see AGPL project, I close the page, and I believe many others would do the same.

I agree, after this happened to me I learned of a few other situations where the same thing happened to other friends.

On my end if was a mix of naivete and flattery which made me want to take the meeting. I suspect it is the same case for others. I will not make the same mistake the next time it happens.

Don’t entertain meetings without compensation from megacrop. But the project is open source. The author provided the right for them to take it in any way possible and copy it. If I’m not mistaken the MIT license allows what they did.

I’m assuming the complaint is more about Microsoft duplicity in asking for information as opposed to the forking of the code. The latter is fine - the license explicitly allows it.

> The best advice for open source maintainers who are being approached by large tech companies is to be very wary

Drop them a consultation fee in the thousands per hour, get something out of it at least. If they're going to reimplement your project, there's absolutely 0 you can do, they will just hire an intern and tell them the requirements for what you have built without having to meet you, ask them for expenses out of your day covered.

The cultural amnesia about how these companies have operated in the past and continue to operate just continues to boggle me.

It's as if we've learned nothing about exploitative corporation behavior for the last 20-30 years even though it's in the news EVERY other day.

Microsoft at it again with Embrace, Extend, Extinguish.

> Gates: OH, I DIDN'T GET RICH BY WRITING A LOT OF CHECKS.

> Gates: ( fiendish laughter )

https://frinkiac.com/caption/S09E14/1158256

> Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use.

Can’t they just read the source themselves? Why do they need the maintainer?

It's very similar to being on the receiving end of what purports to be seeking an acquisition.

Both myself and my other half have separately been directly on the receiving end of the "brain rape" by major companies that everyone here will have heard of, both of which went nowhere except for the supposedly interested acquirer to become ever more angry that the crown jewels were simply not offered up on a plate.

This situation is surprising in that he did get an acknowledgement at all. These companies are not good actors, and have a casual disregard for the IP of everyone else that should be immediately obvious.

Or it was just a team inside Microsoft and he thought "Microsoft" talked to him and saw already dollar signs?

Open source license is there for reasons, he can sue them if they did it wrong.

> Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true

I think it's important to highlight that the "Microsoft <3 Linux" narrative deserves some scrutiny too: (https://old.reddit.com/r/linux/comments/lbp1m8/for_anyone_th...)

Reading this made me think of AppGet, too

Another example here, Google forked a GCS fuse driver and the author found out later and posted on HN about it: https://news.ycombinator.com/item?id=35790223

Edit: apparently Google did not use the author's codebase, instead using an Apache 2.0 licensed codebase [1] explained here [2].

[1]: https://github.com/kubernetes-sigs/gcp-filestore-csi-driver

[2]: https://news.ycombinator.com/item?id=35863944

Yeah, at this point I feel .NET could benefit from being made into a proper marketed as independent foundation (and not the failing .NET foundation that does very little).

Because all these actions will get associated with .NET teams even if the latter go to great lengths to collaborate with community and ensure that new feature work does not step onto the toes of existing popular community libraries (for example Swashbuckle or eventing/messaging framework that was postponed/cancelled not to interrupt the work of other libraries including MassTransit, which is a bit ironic as MassTransit went full commercial later).

Microsoft runs on trust... like a car runs on gasoline

See also https://isdotnetopen.com and https://ghuntley.com/fracture

This feels like the scene from Silicon Valley about brain rape.

https://www.youtube.com/watch?v=_STfy0QQjJY

Also, many large orgs are known to do this.

Billion dollar companies are not hanging out with you to be your friend, even if you're at the table for a reason (you belong there because you know something they don't).

When speaking with big companies, you are not there to impress them.

Speak for impact + meaning, they are so big and brilliant and rich and should already know how.

There are examples where a large corporation simply sponsored the developer and development of an open source project. This should be the way.

The most depressing thing about such behavior from MegaCorp is that they are too lazy to even pretend to care. We meet lots of people in life who would appear sincere, talk sweetly etc, but it is all just a show, just acting. Now it is a different discussion on which is worse (acting like you care or just flat out being a dick) but acting takes some effort. These companies with near infinite money can't be bothered to even put in the slightest bit of effort - how much effort would it be to give a shout out to Keivan when they copied AppGet to make WinGet?

> Not sure how people fell so hard for "Microsoft <3 Open Source"

Give them a (somewhat) open source IDE and they start believing you are friend of open source in general.

Thanks for sharing this old thread.

I think this behavior stems from how big companies do performance reviews and promotions for developers.

Contributing to someone else's open source project is for schmucks and juniors. Authoring a "new" open source project in the company's name, getting recognition and solving problems is seen as "leading the industry" and whatever other wankery sophistry they come up with to try to motivate employees with.

If a megacorp wants your help to explain ANYTHING to them, you better be paid handsomely per hour. Wtf are people doing charity for trillion dollar empires.

NO, just NO!

And this is done by the owners of Github. Throw away open source licenses, create your own, make anyone who forks your code perpetually pay for your work, or ask money for your work.

"Luckily, I persisted. Spegel still continues strong with over 1.7k stars and 14.4 million pulls"

Yeah, your time is your most precious resource and what you get in return? Recognition? virtual stars, pulls, essentially numbers, essentially nothing. And then you get robbed.

WAKE THE FUCK UP PEOPLE.

"breaking the licenses"?

"without attribution"?

Did we read the same article?

There’s a Simpsons episode that’s older than many of the readers here where Bill Gates destroys (literally has goons smash) a business Homer accidentally started.

If Matt Groening thinks you’re a gaggle of assholes you’re probably even worse.

I thought the same, as the sole maintainer he can be king and do as he pleases, his git, his baby.

Came to post the same thing.

How can you not be biased? You built something. You want people to use it (assumption).

They’ve been accused of using interview answers in their own products as well.

I’m still salty about teaching someone something they didn’t know about caching in an interview and not making it to another round of interviews after that. If it was a huge company I’d be furious.

I'll never understand why they didn't simply hire him.

I’ve released some utility libraries under permissive libraries. I like it when they get used. Even when it’s part of a large company’s closed-source app. Many people don’t like that, and that’s perfectly fine, that’s why there are different choices available.

What I’ll never understand is people who release their project with a permissive license and then get upset when a big company distributes their own version of the project in accordance with the license. If you don’t want that sort of appropriation then you need to pick a license that doesn’t allow it.

I released a fun personal project under GPLv3 and the first filed issue was someone saying I should change the license to something friendlier to business interests.

Hell no. If they want to profit off my work, pay me. This is something I'm doing for fun, on my own terms. It’s Free for anyone to use as they want, so long as they keep it Free, too.

It's bizarre to me how, despite people criticizing the GPL and GNU as too ideological, the people you refer to - the permissive people - somehow seem even MORE ideological. The GPL to me seems pragmatic - sure technically a minimal license like WTFPL (ignore all its legal issues for now) is some kind of minimalist idea of pure objective freedom. But the GPL has some key "restrictions" that aren't really restrictions and produce an ecosystem that WORKS. Meanwhile the permissive ecosystem is just waiting to be scooped up by bigcos at their whim.

Have to agree with this. There's an endless list of open source maintainers who publish an MIT-licensed project then are surprised when it is treated as an MIT-licensed project. If you want rights, assert them. No one else is looking out for you. Especially not Microsoft.

> what's the incentive for authors of one-man projects to choose anything "permissive".

The incentive is generally that people enjoy having their projects used, be that by commercial companies or otherwise.

> I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".

My JS canvas library is licensed using MIT. From my personal perspective, I wouldn't have any problem with some $MegaCorp coming along and forking it, and even claiming it as their own creation. But ... why? Because one of the main drivers for my development of the library over the past few years is to proof-of-concept the idea that 2D Canvas API based infographics and interactives can be made - with the help of a JS library - performant, responsive and (most importantly!) as accessible to every end user as reasonably possible. My ideal outcome would be to embarrass other JS canvas library maintainers into taking canvas responsiveness and accessibility seriously. If that needs a $MegaCorp to come along and fork the library to bring my dream closer to reality then I ain't gonna stand in their way!

Of course I'd still continue to develop my version of the library - it's become my passion and obsession and there's always improvements to be made, new ideas to be explored.

As @diggan wrote[0] elsewhere in the thread, the issue is not that MIT is permissive but that Microsoft did not honor the requirements of the license (despite it being permissive!):

> Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.

[0] https://news.ycombinator.com/item?id=43750670

> Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?

By far the biggest risk for most projects is "nobody notices it and nobody uses it".

And if someone "takes" your project and uses it - you've usually still got it. Software is funny like that.

> What's good about being "permissive"?

it is good if you do not plan to go for violators anyway

I made some photos and published them on Wikimedia Commons (say, of random bicycle infrastructure).

I am fine with people using them without attribution, I expect that their use overall furthers my goals rather than damages it and if I would release it on CC-BY-SA 4.0 or similar I would not go to court over missing attribution.

Therefore I selected CC0, no reason to make things more complicated only to people following license.

I selected AGPL/GPL for some software where I would be happy to burn pile of money in case of license violation, up to and including litigating it in court for 10 years.

I initially had the same reaction to the MIT license; but it sort of looks like the GPL (or AGPL) wouldn't have really prevented this behavior. Microsoft (it sounds like) is making the code available; they've just extended and renamed the project. They could have done exactly the same thing (fork, rename, release under the same license), with the same effects he's complaining about (free-loading the consulting time, confusing the community) if he'd made it AGPL.

I mean, consider an alternate timeline. It's clear MS had their own, strong vision for the project, that overlapped with but wasn't identical to his. Is it actually that much more considerate to show up with two dozen new developers suddenly flooding a single-maintainer project with pull requests, some of which completely restructure the code and re-orient it towards a new vision that the original maintainer might not want?

Either the maintainer is now doing loads of unpaid labor for MS, and is the bottleneck; or he ends up having to step back and let the new MS developers bulldoze the project and take it over anyway.

What would have been a better approach?

One should choose a license that fits them. The problem with GPL licenses is they are viral and non-permissive. As a developer, as soon as I see the GPL I just click away to another repo no matter how good the lib is. I don't want people doing that to my projects, so I use Apache/MIT or whatever the permissive license that is most prominent for the language I'm using.

> What's good about being "permissive"?

They want widespread usage of their project, but always decry not like that when Amazon or Microsoft is responsible for the usage.

This is the reason why I am so confused by the strain of open source thought which says that large companies exploit OSS maintainers and ought to pay them.

Maintainers often pick permissive licenses specifically because they want companies to use the code. They want their project to grow and be adopted, and they reason that GPL would stifle adoption.

I don't really like the tactic of making your code as convenient as possible for anyone to grab off the shelf when they want to use it, and then later turning around and saying they should pay you. Why not do the payment part up front (by GPL-licensing the code and then selling dual licenses to interested companies)? Because then you wouldn't have any takers. Better to wait until people have integrated it into their systems before informing them that they ought to pay you.

I don’t mind sharing my software with others, even folks who want to make a profit. Of course, that’s easy for me to say since I’ve only released a few small projects open source. But when I do, I make my projects fully public domain. I’m not interested in feeling any sense of obligation to those who try the software out, so I free them from any obligation to me as well.

That said, I fully support larger projects being GPL, which I think is a more reasonable license for projects that involve dozens or hundreds of contributors and are depended on by millions around the world. But the role of the MIT and Apache style licenses has always felt a little more confusing.

It's very simple, the reason people favor a more permissive license is generally the same reason they open source their code: You want other people to use your project.

Obviously, a more permissive license is going to let people do whatever they want with "your" code, as it doesn't really belong to you anymore. If you want tight control then it's a bad choice, but a more permissive license is almost always going to mean your project is more widely used, for better or worse.

I always choose permissive licenses for personal project, and I often avoid depending on other projects that aren't permissive. If I want to know that, if I need to, I can grab the code and change something. And I want others to be able to remix what I make as needed.

The more limitations added on a license, the less open it is.

> What's good about being "permissive"?

For me personally, because I believe in freedom and permissive licenses grant more freedom than others do. I don't really care for licenses which attach unnecessary strings to what recipients can and cannot do with the software.

I think attitudes on license reflects on the whole a generational attitudes towards corporate use because the younger generation of software nerds grew up in epoch-boom-times.

During ZIRP-boom-times, having a successful popular open source project could be a ticket to kudos and a high paying job and a certain level of responsibility and satisfaction. BigCos spread the money around, and your job as a SWE ended up being gluing together a bunch of these open source pieces to solve corporate problems. And on the whole people felt like their corporate jobs were giving a fair deal, and a decent dividend for the open source work they were doing.

In that context why would you pick a license that your generous employer couldn't use?

The GPL and the free software movement is borne out of an earlier era, GenX and younger boomers who lived through seeing their hard work exploited and stolen from them. Or corporate entities that cut budgets, laid people off en masse, exploded in stock market crisis, etc and suddenly the good will was lost.

I think we'll see a bit of a resurgence in the GPL, as some people try to protect the work they've done.

(I do thnk the personality of Stallman himself has become a bit of a problem to be associated with)

While working for companies, many devs have had the frustrating experience of finding a library that perfectly solves their problem, only to discover that it’s GPL3 or similar and thus strictly off limits due to company policy. Especially if repeated a few times that’s enough to inspire use of permissive licenses, to help avoid that frustration for their future selves (should they change employers) as well as other fellow corporate devs.

It means that more people and companies can use your software. Plenty of orgs will avoid GPL and especially AGPL software out of an abundance of caution or because they legitimately need to link and customize the software for it to be useful for their business case, but do not want to release these (often very small & customer dependant) modifications.

I think for me, I’ve been a beneficiary of using MIT licenses (in minor ways, no large or famous projects) and so when I publish code I prefer sharing as MIT.

Maybe I should reconsider, but I never thought anyone would remove an MIT license. That sounds like plagiarism (though they did put a thank you in their repo)

Because when people start an OS project, they want to help people and grow. MIT license is the best license if your goal is to help other people. It's the worst license for building a business, but that's usually not what people think about when starting a project

Due to some quirks of software developer hiring practices, people write OSS not because they want to write OSS, but because they want the kudos of having written OSS. The downside is someone might use their OSS.

These days there is almost nothing good with permissive if your project gets used by mega corps specifically. They don’t want your opinions, your expertise, they don’t want to share anything back, they won’t pay you, and they will even avoid giving credit – the lowest of the low. And somehow we’re still worrying about inconveniencing megacorps as if that mattered, at all!

I would love a license that says if your company has a physical presence in 10+ countries, one of its executive owns a yacht, or even is publicly listed, you need to purchase a license from the owners. (As a bonus, if the company is primarily selling subscriptions, the license should be in subscription form in return). Free (GPL/MIT/whatever) for everyone else.

Even such a crude stupid license would be an improvement over today for many. Most importantly I think a large amount of code is already closed today, because of the risks. This results in worse technical solutions, eg SaaS instead of libs & docker images that are easy to fix yourself. I don’t understand the fear mongering about licenses that Amazon and Microsoft don’t like. At the absolute minimum, contribute the changes back.

The great thing about permissive licenses is that it maximizes the utility of the code. I don’t care if someone makes a mountain of money by forking my permissively licensed code, that is in some sense the objective and I lose nothing by it.

This strain of rent-seeking behavior by some that open source their code but then believe they are entitled to compensation or forced contributions if the wrong people use it per license is distasteful and a bad look. It highlights the extent to which for many people the motivations behind their “open source” are not actually, you know, open source. For many, open source is about the utility of the source code and nothing more.

Licenses like AGPLv3 aren’t just about the utility of open source, they try to litigate concepts like fairness and justice at the same time, and open source isn’t a great venue for that.

Permissive licenses are about contributing to the trade as a whole, rather than individualism.

Some of us don't believe that the code we write is "ours" in any meaningful way, and don't think strangers using it have any obligation to us just because we typed it once long ago.

Personally, I am happy if my code is of use. If people are using it for evil I'll fight the evil, not try to withhold good things from the world to avoid that possible case. It is an approach that is rooted in sufficiency mindset, rather than capitalistic notions of false scarcity.

My project being forked doesn't cost me anything at all, but caring about it being forked or enforcing a license would cost me time and energy I have no desire to spend. Permissive licenses accurately communicate the levels of fucks I give, while keeping assholes from trying to sue me over having used my contributions to the collective wealth of the profession.

If I make the world better for everyone, of course a bunch of people who never did anything for me are going to be a part of "everyone", basically by definition. What is wild here is that Microsoft didn't follow the extremely minimal requirements of the permissive license.

> exploited for profit by someone who has never done you any good

Yes, that's the whole point of open source? Most contributions to the most popular libraries and frameworks (not necessarily end products) are from employees on their paid corporate time to begin with.

ehm, it doesn't work this way, fortunately ... Microsoft, the corporation, is definitively responsible if there's a copy right violation.

Who exactly did what it's a Microsoft internal thing, unless Microsoft demonstrates that this has been done in bad faith and Microsoft did everything what is "reasonable" to avoid this happening ...

Obligatory Lawnmower context: https://www.youtube.com/watch?v=-zRN7XLCRhc&t=2040s

Copyleft and the shift to static executables are incompatible.

The vast majority of the rust (and Go) ecosystems is non-copyleft because you cannot satisfy the GPL in any meaningful way and satisfy your corporate legal department’s IP lawyers.

> I wish an even stronger license existed which allowed the original author to dictate who can build on top of the project

Such licenses exist. They're just not Free or Open Source. They can't be, by definition.

Have you seen the license of llama models from Meta?

> 2. Additional Commercial Terms. If, on the Llama 2 version release date, the monthly active users of the products or services made available by or for Licensee, or Licensee's affiliates, is greater than 700 million monthly active users in the preceding calendar month, you must request a license from Meta...

ref: https://github.com/meta-llama/llama/blob/main/LICENSE

But again, not open source...

GPL only requires you to contribute changes if you distribute the program (not if you just use it internally).

The GPL does not require you to contribute back changes, only to contribute changes forward to your end users.

Defaulting to a license is the default behavior.

Almost, except the sign said "Couch provided courtesy of Philip Laine as long as this sign is kept intact". And Microsoft removed the sign and replaced it with their own "Free couch from Microsoft" sign.

It's that a lot pof people want to use the 'free couch' label to attract a crowd, but when they spot someone rich, they want those marks to pay.

To provide changes upstream, the maintainer must accept the change. Most opensource licenses are that you are required to publish your changes. But not upstream. As you wrote, there is no license that forces any "pull requests".

The MIT license is the "easiest" license because there are no responsibility for the maintainer..

A bit. There are licenses that require people to publish their changes, though, and that is almost certainly what the poster meant.

    “I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.”

Copied, not stole. It's unfortunate that the two are so often conflated.

I get a certain sense of pride every time a developer tells me to change my license and when I say no he tells me he'll go and use something else (and I'm supposed to feel bad about this, for some reason).

Open source is very much like a party. You are perfectly entitled to expect the host to be gracious and the guests not to steal things.

“It’s your fault for inviting them in” is victim blaming and horizontal aggression. The people at the top of the pyramid love it when the peasants fight each other. Saves them getting callouses.

if only you had kept reading 2 more sentences after the one you quoted you'd know:

  "The license does not allow removing the original license and purport that the code was created by someone else. It looks as if large parts of the project were copied directly from Spegel without any mention of the original source"

Exactly. Microsoft has been doing exactly this kind of crap since their very founding. The counter to it has existed for decades: GPL. And now AGPL for web stuff. How do you think the Linux kernel and GNU runtime have survived this long without the MS Embrace and Extend? GPL.

I considered forking an MIT repo once but had no idea how to communicate which parts were under the original MIT license and which weren’t. Unless I copied it into each file and deleted the root license, it seems like it would license all my changes as MIT, too, basically becoming a copy-left license.

> This experience has also made me consider changing the license of Spegel, as it seems to be the only stone I can throw.

Well, yes, that seems to be the conclusion OP has come to.

Yes, indeed, that's missing. Though it should be: "Copyright (c) 2023 Xenit AB" as that was the license that was in place when the copy/paste took place: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c...

Yep, there's an issue with 200+ reactions: https://github.com/Azure/peerd/issues/109

I think you meant consulting, but it's not wrong for counselling either :)

For the layman, acquisition rumours are almost always bad news.

Even as a premise. Your domain is enough of a concern for Bigcorp to spend executive time on. Bigcorp wants to acquire your employer because and they think they can get more value out of it than the asking price.

Your own executives will ignore the threat that due diligence means to your business in the case a deal fails to be completed, because this is their promotion cycle. But you are a potentially redundant cog that is unlikely to be a more efficient part at Bigcorp. After all, you don’t already work for them.

Any copies of the code should include the notice according to the MIT license. I do agree that I could have used a less permissive license, and it is something that I am now considering to change.

The reality is that licenses do not mean anything unless you are actually able to enforce it. So I really do not think the license would have mattered in this case.

> Unfortunately the MIT license doesn't do much to prevent this

Seems both you and Microsoft needs to actually read through the MIT license, it isn't that long or complicated :)

> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

That part is even in it's own paragraph and everything, really hard to miss for anyone who even glances at the license.

The MIT license doesn't say anything about headers. The attribution requirement is:

> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

The license is saying you have to retain the license itself; it doesn't say anything about any other attribution notices that exists in the source files or anywhere else. It doesn't specify where you have to put the license; it could be in a comment in the code, or it could be in a file next to the code, and that doesn't change anything about the terms of the license.

If the original author put the license in comments, you can keep it in comments, but you could also move it to a standalone file. If the original author put it in a standalone file, you can keep it there or you can move it to a comment, but you can't remove it. If you distribute a compiled binary, you need to be sure you're including the license alongside the binary as well.

If Microsoft distributes a "substantial portion" of the software, and they do not include a copy of the original license (including the copyright statement at the top attributing the original author), they're in violation.

FTA

> A negative impact from the creation of Peerd is that it has created confusion among new users. I am frequently asked about the differences between Spegel and Peerd.

I can't imagine any quantifiable damages here. No business or revenue was impacted. Just chatter in an open source project.

Keeping his name in the license note is required by the terms and that is an expectation, even if you get the software for free.

A license term was not respected; the license allows to use, modify, etc. but not to remove the copyright message or change the copyright to Microsoft.

Too many developers don't really understand licensing. Everyone defaults to permissive to be politically correct, rather than on merit.

It's simply ignorance. For example, out of the 600 comments in this post, yours is the only one which was able to clearly articulate what actually happened. And it's all the way at the bottom. It goes to show the headspace most developers are in. This mistake will be repeated by many others until the end of time.

When you're a teenager sometimes you are into a girl that you like and she notices and acts all snobby.

Then sometimes you get into a date with her, but discovers she isn't what you expected. It was the snobbiness that made you more eager to know her.

Then, disappointed, you break up with her and she starts telling everyone you have bad breath, your friends are idiots, and that you are dumb and ugly (but she secretly still likes you).

When you're adult you start to realize that none of it is really that important. She is probably nicer than you remember. And you were just a kid.

All this HN discussion reminds me of those teenage years somehow. Like a twisted psychology distortion of it. It is kind of funny actually.

That's not a license, it's wishful thinking in template form.

The fact that you have "fill in the blanks here" in a "legal" document makes this actively harmful.

I respect the sentiment, but it's entirely the wrong direction. Better looking at the Creative Commons license picker/builder as a better example of a starting point.

Oh boy, credits that only work in their cloud. That’ll cover rent.

This might as well be a LLM generated ad roll performance